Lucene search
IBM2610E8A286CDC37F0B996D796B29A2369A7368C99694397D84A2313D0990ED77HistoryJun 08, 2021 - 9:47 p.m.
Security Bulletin: IBM DataPower Gateway enables default IPMI account
2021-06-0821:47:38
www.ibm.com
9
0.007 Low
EPSS
Percentile
79.6%
Summary
If IPMI over LAN Is enabled, a default administrator account is also enabled.
Vulnerability Details
CVEID:CVE-2019-4621
**DESCRIPTION:**IBM DataPower Appliance and IBM MQ Appliance have a default administrator account that is enabled if the IPMI LAN channel is enabled. A remote attacker could use this account to gain unauthorised access to the BMC.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM DataPower Gateway | 2018.4.1.0-2018.4.1.5 |
| IBM DataPower Gateway | 7.6.0.0-7.6.0.14 |
Remediation/Fixes
| Fixed in version | APAR | Remediation |
|---|---|---|
| IBM DataPower Gateway 2018.4.1.6 | IT29004 | Install the fixpack |
| IBM DataPower Gateway 7.6.0.15 | IT29004 | Install the fixpack |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm datapower gateway | eq | 7.6.0.0 | |
| ibm datapower gateway | eq | 7.6.0.14 | |
| ibm datapower gateway | eq | 2018.4.1.0 | |
| ibm datapower gateway | eq | 2018.4.1.5 |
Related
cve
cve
CVE-2019-4621
2019-12-09 23:15:11
prion
prion
Default credentials
2019-12-09 23:15:00
ibm
ibm
cvelist
cvelist
CVE-2019-4621
2019-12-05 00:00:00
nessus
nessus
IBM DataPower Gateway Security Bypass
2020-07-20 00:00:00
nvd
nvd
CVE-2019-4621
2019-12-09 23:15:11
0.007 Low
EPSS
Percentile
79.6%
Related for 2610E8A286CDC37F0B996D796B29A2369A7368C99694397D84A2313D0990ED77